Dear all,
We are happy to announce that we have just completed checking in the SMash
source code into the OAA SourceForge project. The code is available in the
sandbox under the directory smash (/hub/trunk/sandbox/smash).
The code is accompanied by 3 small demo's illustrating the potential use
of this library.
Simple demo: This is basic demo illustrating the basics of cross frame
communication in
this library. The ports are statically wired to the channels in the main
application.
(includes alerts that illustrate component state transitions and messages
on channels)
smash/demos/simple/index.html
Dynamic demo: This is a basic demo illustrating dynamic wiring of ports
and channels and the
dynamic creation and deletion of components.
(includes alerts that illustrate component state transitions and messages
on channels)
smash/demos/dynamic/index.html
Attacks: This demo contains a list of the possible attacks against our
library (message integrity
attacks and component phishing attacks) and the different detection and
protection mechanisms
we have implemented for them.
smash/demos/attacks/index.html
More information about SMash can be found at
http://www.openajax.org/member/wiki/Mashup_Security_Approaches#SMash.
I would like to encourage people to have a look at it and discuss how this
technology can be used to enable secure mashups for future Hub releases.
Kind regards,
Frederik
on behalf of the SMash team.
---
Frederik De Keukelaere, Ph.D.
Postdoctoral Researcher
IBM Research, Tokyo Research Laboratory
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openajax.org/pipermail/security/attachments/20070831/2fceee9d/attachment.html